Security update for gd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:0235-1 Final 1 1 2018-01-26T12:37:02Z current 2018-01-26T12:37:02Z 2018-01-26T12:37:02Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gd This update for gd fixes several issues. This security issue was fixed: - CVE-2018-5711: Prevent integer signedness error that could have lead to an infinite loop via a crafted GIF file allowing for DoS (bsc#1076391) This non-security issue was fixed: - Fixed gd2togif error message (bsc#1025223) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-gd-13441,slessp4-gd-13441 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20180235-1/ Link for SUSE-SU-2018:0235-1 https://lists.suse.com/pipermail/sle-security-updates/2018-January/003638.html E-Mail link for SUSE-SU-2018:0235-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1025223 SUSE Bug 1025223 https://bugzilla.suse.com/1076391 SUSE Bug 1076391 https://www.suse.com/security/cve/CVE-2018-5711/ SUSE CVE CVE-2018-5711 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 gd-devel-2.0.36.RC1-52.33.5.1 gd-2.0.36.RC1-52.33.5.1 gd-2.0.36.RC1-52.33.5.1 as a component of SUSE Linux Enterprise Server 11 SP4 gd-2.0.36.RC1-52.33.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 gd-devel-2.0.36.RC1-52.33.5.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. CVE-2018-5711 SUSE Linux Enterprise Server 11 SP4:gd-2.0.36.RC1-52.33.5.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:gd-2.0.36.RC1-52.33.5.1 SUSE Linux Enterprise Software Development Kit 11 SP4:gd-devel-2.0.36.RC1-52.33.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180235-1/ https://www.suse.com/security/cve/CVE-2018-5711.html CVE-2018-5711 https://bugzilla.suse.com/1076391 SUSE Bug 1076391